Monday, 1 February 2016

Security Testing - The Challenges Faced by Testers

Challenges Faced by Security Testers

The advancement of technology has brought us many benefits and helped us lead a life of luxury and ease. It has also diminished the distance between people and increased the opportunities for communication. However, like all good things, this advancement has its downsides, chief among them the security threats that keep growing stronger. This makes security testing very important today.
  1. Very Frequent Changes: With the ever-increasing demands of customers, developers have to make frequent updates and changes to the application they are developing. Each change has to be accompanied by regular testing of the software to check that security is still top-notch after the change. Previously, testing only needed to be done on the alpha and the final product; this frequent testing is a real challenge, and the changes make year-round testing compulsory.
  2. Too Many Pages: As applications become better and more detailed, the amount of content that requires testing also increases, and with it the time required for testing. Automation tools may ease this challenge, but they only account for certain vulnerabilities of an application; the rest have to be detected manually in order to be rectified. The challenge can be partly avoided by keeping a special focus on the threats that appear again and again in the application, which may help cut the cost of the whole security testing process.
  3. Lots of Privilege Levels: Preventing privilege escalation via holes in the application is one of the major jobs of the security testing process. As more privileges are provided to customers, the number of security tests applicable to the application automatically increases. More tests mean more time invested and more focus required for each application, which becomes a major issue for testers. The problem intensifies when automated tools fail to find the holes that further escalate the privileges already provided, and time-consuming manual testing procedures are required to find them.
  4. A Lot of Ajax: The introduction of Ajax poses a serious security threat today. Ajax lets the users of an application send many small requests for changes to it. Each of these small requests is an opportunity for tampering, as the changes could open up various kinds of cracks in the system. This leads to constant security testing of the application by the testers. Another major problem is that, although these issues may be related to old-school ones, tools for Ajax security testing are still developing.
  5. Tools Haven’t Matured: The most prevalent challenge testers face during security testing is the lack of tools capable of performing automated security tests on the applications being developed. The automated tools that are available are only partially capable of detecting the security breaches or loopholes present in an application. This compels testers to perform the various security tests through the old-school manual testing process, which requires more labor and more time to detect flaws.

These are some of the major challenges that testers face when it comes to security testing of software.
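To make the privilege-level point in item 3 concrete, here is an added example (not from the original post) of an access-control matrix check: every role is tried against every endpoint and compared with the intended policy, so the case count grows as roles multiplied by endpoints. The role names, endpoints, policy and the `buggy_app` stand-in are all constructed for illustration.

```python
from itertools import product

# Constructed sample data: roles ordered from least to most privileged, and
# the lowest role that should be allowed to call each (method, path).
ROLES = ["anonymous", "user", "manager", "admin"]
POLICY = {
    ("GET", "/profile"): "user",
    ("GET", "/reports"): "manager",
    ("POST", "/users"): "admin",
    ("DELETE", "/users"): "admin",
}

def expected_allowed(role, endpoint, policy=POLICY, roles=ROLES):
    """Intended behaviour: a role may call an endpoint at or below its rank."""
    return roles.index(role) >= roles.index(policy[endpoint])

def buggy_app(role, endpoint):
    """Hypothetical stand-in for the application under test. One deliberate
    flaw: DELETE /users only checks that the caller is logged in."""
    if endpoint == ("DELETE", "/users"):
        return role != "anonymous"
    return expected_allowed(role, endpoint)

def audit(check, policy=POLICY, roles=ROLES):
    """Run every role x endpoint case; return (cases_run, findings)."""
    cases = list(product(roles, policy))
    findings = []
    for role, endpoint in cases:
        want = expected_allowed(role, endpoint, policy, roles)
        got = check(role, endpoint)
        if got and not want:
            findings.append((role, endpoint, "privilege escalation"))
        elif want and not got:
            findings.append((role, endpoint, "legitimate access denied"))
    return len(cases), findings

if __name__ == "__main__":
    n, findings = audit(buggy_app)
    print(f"{n} cases run")
    for role, (method, path), kind in findings:
        print(f"{kind}: {role} -> {method} {path}")
```

In a real test suite `check` would issue the request with that role's session and report whether the application accepted it; adding one role to the list adds a full row of cases.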


  1. In my recent research, I've found that automated testing tools have a long way to go to becoming easily customizable. A lot of manual testing is still required along with script writing.

  2. In my experience I have found that several skilled testers still face challenges while doing security testing, as this testing requires versatile skills. Many testers use automated security testing tools, but in the end we need to rewrite test cases as we don't solely rely on automation testing.